Security News > 2022 > September > Record DDoS Attack with 25.3 Billion Requests Abused HTTP/2 Multiplexing
Cybersecurity company Imperva has disclosed that it mitigated a distributed denial-of-service attack with a total of over 25.3 billion requests on June 27, 2022.
The "Strong attack," which targeted an unnamed Chinese telecommunications company, is said to have lasted for four hours and peaked at 3.9 million requests per second.
"Attackers used HTTP/2 multiplexing, or combining multiple packets into one, to send multiple requests at once over individual connections," Imperva said in a report published on September 19.
The attack was launched from a botnet that comprised nearly 170,000 different IP addresses spanning routers, security cameras, and compromised servers located in more than 180 countries, primarily the U.S., Indonesia, and Brazil.
The disclosure also comes as web infrastructure provider Akamai said it fielded a new DDoS assault aimed at a customer based in Eastern Europe on September 12, with attack traffic spiking at 704.8 million packets per second.
The same victim was previously targeted on July 21, 2022, in a similar fashion in which the attack volume ramped up to 853.7 gigabits per second and 659.6 million pps over a period of 14 hours.
News URL
https://thehackernews.com/2022/09/record-ddos-attack-with-253-billion.html
Related news
- CISA: Here’s how you can foil DDoS attacks (source)
- Crafting Shields: Defending Minecraft Servers Against DDoS Attacks (source)
- New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks (source)
- New HTTP/2 DoS attack can crash web servers with a single connection (source)
- Germany points finger at Fancy Bear for widespread 2023 hacks, DDoS attacks (source)